drivers/crypto/cnxk/cnxk_se.h

   1 /* SPDX-License-Identifier: BSD-3-Clause
   2  * Copyright(C) 2021 Marvell.
   3  */
   4
   5 #ifndef _CNXK_SE_H_
   6 #define _CNXK_SE_H_
   7 #include <stdbool.h>
   8
   9 #include "roc_se.h"
  10
  11 struct cnxk_se_sess {
  12         uint16_t cpt_op : 4;
  13         uint16_t zsk_flag : 4;
  14         uint16_t aes_gcm : 1;
  15         uint16_t aes_ctr : 1;
  16         uint16_t chacha_poly : 1;
  17         uint16_t is_null : 1;
  18         uint16_t is_gmac : 1;
  19         uint16_t rsvd1 : 3;
  20         uint16_t aad_length;
  21         uint8_t mac_len;
  22         uint8_t iv_length;
  23         uint8_t auth_iv_length;
  24         uint16_t iv_offset;
  25         uint16_t auth_iv_offset;
  26         uint32_t salt;
  27         uint64_t cpt_inst_w7;
  28         struct roc_se_ctx roc_se_ctx;
  29 } __rte_cache_aligned;
  30
  31 static __rte_always_inline int
  32 cpt_mac_len_verify(struct rte_crypto_auth_xform *auth)
  33 {
  34         uint16_t mac_len = auth->digest_length;
  35         int ret;
  36
  37         switch (auth->algo) {
  38         case RTE_CRYPTO_AUTH_MD5:
  39         case RTE_CRYPTO_AUTH_MD5_HMAC:
  40                 ret = (mac_len == 16) ? 0 : -1;
  41                 break;
  42         case RTE_CRYPTO_AUTH_SHA1:
  43         case RTE_CRYPTO_AUTH_SHA1_HMAC:
  44                 ret = (mac_len == 20) ? 0 : -1;
  45                 break;
  46         case RTE_CRYPTO_AUTH_SHA224:
  47         case RTE_CRYPTO_AUTH_SHA224_HMAC:
  48                 ret = (mac_len == 28) ? 0 : -1;
  49                 break;
  50         case RTE_CRYPTO_AUTH_SHA256:
  51         case RTE_CRYPTO_AUTH_SHA256_HMAC:
  52                 ret = (mac_len == 32) ? 0 : -1;
  53                 break;
  54         case RTE_CRYPTO_AUTH_SHA384:
  55         case RTE_CRYPTO_AUTH_SHA384_HMAC:
  56                 ret = (mac_len == 48) ? 0 : -1;
  57                 break;
  58         case RTE_CRYPTO_AUTH_SHA512:
  59         case RTE_CRYPTO_AUTH_SHA512_HMAC:
  60                 ret = (mac_len == 64) ? 0 : -1;
  61                 break;
  62         case RTE_CRYPTO_AUTH_NULL:
  63                 ret = 0;
  64                 break;
  65         default:
  66                 ret = -1;
  67         }
  68
  69         return ret;
  70 }
  71
  72
  73 static __rte_always_inline int
  74 fill_sess_cipher(struct rte_crypto_sym_xform *xform, struct cnxk_se_sess *sess)
  75 {
  76         struct rte_crypto_cipher_xform *c_form;
  77         roc_se_cipher_type enc_type = 0; /* NULL Cipher type */
  78         uint32_t cipher_key_len = 0;
  79         uint8_t zsk_flag = 0, aes_ctr = 0, is_null = 0;
  80
  81         c_form = &xform->cipher;
  82
  83         if (c_form->op == RTE_CRYPTO_CIPHER_OP_ENCRYPT)
  84                 sess->cpt_op |= ROC_SE_OP_CIPHER_ENCRYPT;
  85         else if (c_form->op == RTE_CRYPTO_CIPHER_OP_DECRYPT) {
  86                 sess->cpt_op |= ROC_SE_OP_CIPHER_DECRYPT;
  87                 if (xform->next != NULL &&
  88                     xform->next->type == RTE_CRYPTO_SYM_XFORM_AUTH) {
  89                         /* Perform decryption followed by auth verify */
  90                         sess->roc_se_ctx.template_w4.s.opcode_minor =
  91                                 ROC_SE_FC_MINOR_OP_HMAC_FIRST;
  92                 }
  93         } else {
  94                 plt_dp_err("Unknown cipher operation\n");
  95                 return -1;
  96         }
  97
  98         switch (c_form->algo) {
  99         case RTE_CRYPTO_CIPHER_AES_CBC:
 100                 enc_type = ROC_SE_AES_CBC;
 101                 cipher_key_len = 16;
 102                 break;
 103         case RTE_CRYPTO_CIPHER_3DES_CBC:
 104                 enc_type = ROC_SE_DES3_CBC;
 105                 cipher_key_len = 24;
 106                 break;
 107         case RTE_CRYPTO_CIPHER_DES_CBC:
 108                 /* DES is implemented using 3DES in hardware */
 109                 enc_type = ROC_SE_DES3_CBC;
 110                 cipher_key_len = 8;
 111                 break;
 112         case RTE_CRYPTO_CIPHER_AES_CTR:
 113                 enc_type = ROC_SE_AES_CTR;
 114                 cipher_key_len = 16;
 115                 aes_ctr = 1;
 116                 break;
 117         case RTE_CRYPTO_CIPHER_NULL:
 118                 enc_type = 0;
 119                 is_null = 1;
 120                 break;
 121         case RTE_CRYPTO_CIPHER_KASUMI_F8:
 122                 enc_type = ROC_SE_KASUMI_F8_ECB;
 123                 cipher_key_len = 16;
 124                 zsk_flag = ROC_SE_K_F8;
 125                 break;
 126         case RTE_CRYPTO_CIPHER_SNOW3G_UEA2:
 127                 enc_type = ROC_SE_SNOW3G_UEA2;
 128                 cipher_key_len = 16;
 129                 zsk_flag = ROC_SE_ZS_EA;
 130                 break;
 131         case RTE_CRYPTO_CIPHER_ZUC_EEA3:
 132                 enc_type = ROC_SE_ZUC_EEA3;
 133                 cipher_key_len = 16;
 134                 zsk_flag = ROC_SE_ZS_EA;
 135                 break;
 136         case RTE_CRYPTO_CIPHER_AES_XTS:
 137                 enc_type = ROC_SE_AES_XTS;
 138                 cipher_key_len = 16;
 139                 break;
 140         case RTE_CRYPTO_CIPHER_3DES_ECB:
 141                 enc_type = ROC_SE_DES3_ECB;
 142                 cipher_key_len = 24;
 143                 break;
 144         case RTE_CRYPTO_CIPHER_AES_ECB:
 145                 enc_type = ROC_SE_AES_ECB;
 146                 cipher_key_len = 16;
 147                 break;
 148         case RTE_CRYPTO_CIPHER_3DES_CTR:
 149         case RTE_CRYPTO_CIPHER_AES_F8:
 150         case RTE_CRYPTO_CIPHER_ARC4:
 151                 plt_dp_err("Crypto: Unsupported cipher algo %u", c_form->algo);
 152                 return -1;
 153         default:
 154                 plt_dp_err("Crypto: Undefined cipher algo %u specified",
 155                            c_form->algo);
 156                 return -1;
 157         }
 158
 159         if (c_form->key.length < cipher_key_len) {
 160                 plt_dp_err("Invalid cipher params keylen %u",
 161                            c_form->key.length);
 162                 return -1;
 163         }
 164
 165         sess->zsk_flag = zsk_flag;
 166         sess->aes_gcm = 0;
 167         sess->aes_ctr = aes_ctr;
 168         sess->iv_offset = c_form->iv.offset;
 169         sess->iv_length = c_form->iv.length;
 170         sess->is_null = is_null;
 171
 172         if (unlikely(roc_se_ciph_key_set(&sess->roc_se_ctx, enc_type,
 173                                          c_form->key.data, c_form->key.length,
 174                                          NULL)))
 175                 return -1;
 176
 177         return 0;
 178 }
 179
 180 static __rte_always_inline int
 181 fill_sess_auth(struct rte_crypto_sym_xform *xform, struct cnxk_se_sess *sess)
 182 {
 183         struct rte_crypto_auth_xform *a_form;
 184         roc_se_auth_type auth_type = 0; /* NULL Auth type */
 185         uint8_t zsk_flag = 0, aes_gcm = 0, is_null = 0;
 186
 187         if (xform->next != NULL &&
 188             xform->next->type == RTE_CRYPTO_SYM_XFORM_CIPHER &&
 189             xform->next->cipher.op == RTE_CRYPTO_CIPHER_OP_ENCRYPT) {
 190                 /* Perform auth followed by encryption */
 191                 sess->roc_se_ctx.template_w4.s.opcode_minor =
 192                         ROC_SE_FC_MINOR_OP_HMAC_FIRST;
 193         }
 194
 195         a_form = &xform->auth;
 196
 197         if (a_form->op == RTE_CRYPTO_AUTH_OP_VERIFY)
 198                 sess->cpt_op |= ROC_SE_OP_AUTH_VERIFY;
 199         else if (a_form->op == RTE_CRYPTO_AUTH_OP_GENERATE)
 200                 sess->cpt_op |= ROC_SE_OP_AUTH_GENERATE;
 201         else {
 202                 plt_dp_err("Unknown auth operation");
 203                 return -1;
 204         }
 205
 206         switch (a_form->algo) {
 207         case RTE_CRYPTO_AUTH_SHA1_HMAC:
 208                 /* Fall through */
 209         case RTE_CRYPTO_AUTH_SHA1:
 210                 auth_type = ROC_SE_SHA1_TYPE;
 211                 break;
 212         case RTE_CRYPTO_AUTH_SHA256_HMAC:
 213         case RTE_CRYPTO_AUTH_SHA256:
 214                 auth_type = ROC_SE_SHA2_SHA256;
 215                 break;
 216         case RTE_CRYPTO_AUTH_SHA512_HMAC:
 217         case RTE_CRYPTO_AUTH_SHA512:
 218                 auth_type = ROC_SE_SHA2_SHA512;
 219                 break;
 220         case RTE_CRYPTO_AUTH_AES_GMAC:
 221                 auth_type = ROC_SE_GMAC_TYPE;
 222                 aes_gcm = 1;
 223                 break;
 224         case RTE_CRYPTO_AUTH_SHA224_HMAC:
 225         case RTE_CRYPTO_AUTH_SHA224:
 226                 auth_type = ROC_SE_SHA2_SHA224;
 227                 break;
 228         case RTE_CRYPTO_AUTH_SHA384_HMAC:
 229         case RTE_CRYPTO_AUTH_SHA384:
 230                 auth_type = ROC_SE_SHA2_SHA384;
 231                 break;
 232         case RTE_CRYPTO_AUTH_MD5_HMAC:
 233         case RTE_CRYPTO_AUTH_MD5:
 234                 auth_type = ROC_SE_MD5_TYPE;
 235                 break;
 236         case RTE_CRYPTO_AUTH_KASUMI_F9:
 237                 auth_type = ROC_SE_KASUMI_F9_ECB;
 238                 /*
 239                  * Indicate that direction needs to be taken out
 240                  * from end of src
 241                  */
 242                 zsk_flag = ROC_SE_K_F9;
 243                 break;
 244         case RTE_CRYPTO_AUTH_SNOW3G_UIA2:
 245                 auth_type = ROC_SE_SNOW3G_UIA2;
 246                 zsk_flag = ROC_SE_ZS_IA;
 247                 break;
 248         case RTE_CRYPTO_AUTH_ZUC_EIA3:
 249                 auth_type = ROC_SE_ZUC_EIA3;
 250                 zsk_flag = ROC_SE_ZS_IA;
 251                 break;
 252         case RTE_CRYPTO_AUTH_NULL:
 253                 auth_type = 0;
 254                 is_null = 1;
 255                 break;
 256         case RTE_CRYPTO_AUTH_AES_XCBC_MAC:
 257         case RTE_CRYPTO_AUTH_AES_CMAC:
 258         case RTE_CRYPTO_AUTH_AES_CBC_MAC:
 259                 plt_dp_err("Crypto: Unsupported hash algo %u", a_form->algo);
 260                 return -1;
 261         default:
 262                 plt_dp_err("Crypto: Undefined Hash algo %u specified",
 263                            a_form->algo);
 264                 return -1;
 265         }
 266
 267         sess->zsk_flag = zsk_flag;
 268         sess->aes_gcm = aes_gcm;
 269         sess->mac_len = a_form->digest_length;
 270         sess->is_null = is_null;
 271         if (zsk_flag) {
 272                 sess->auth_iv_offset = a_form->iv.offset;
 273                 sess->auth_iv_length = a_form->iv.length;
 274         }
 275         if (unlikely(roc_se_auth_key_set(&sess->roc_se_ctx, auth_type,
 276                                          a_form->key.data, a_form->key.length,
 277                                          a_form->digest_length)))
 278                 return -1;
 279
 280         return 0;
 281 }
 282
 283 static __rte_always_inline int
 284 fill_sess_gmac(struct rte_crypto_sym_xform *xform, struct cnxk_se_sess *sess)
 285 {
 286         struct rte_crypto_auth_xform *a_form;
 287         roc_se_cipher_type enc_type = 0; /* NULL Cipher type */
 288         roc_se_auth_type auth_type = 0;  /* NULL Auth type */
 289
 290         a_form = &xform->auth;
 291
 292         if (a_form->op == RTE_CRYPTO_AUTH_OP_GENERATE)
 293                 sess->cpt_op |= ROC_SE_OP_ENCODE;
 294         else if (a_form->op == RTE_CRYPTO_AUTH_OP_VERIFY)
 295                 sess->cpt_op |= ROC_SE_OP_DECODE;
 296         else {
 297                 plt_dp_err("Unknown auth operation");
 298                 return -1;
 299         }
 300
 301         switch (a_form->algo) {
 302         case RTE_CRYPTO_AUTH_AES_GMAC:
 303                 enc_type = ROC_SE_AES_GCM;
 304                 auth_type = ROC_SE_GMAC_TYPE;
 305                 break;
 306         default:
 307                 plt_dp_err("Crypto: Undefined cipher algo %u specified",
 308                            a_form->algo);
 309                 return -1;
 310         }
 311
 312         sess->zsk_flag = 0;
 313         sess->aes_gcm = 0;
 314         sess->is_gmac = 1;
 315         sess->iv_offset = a_form->iv.offset;
 316         sess->iv_length = a_form->iv.length;
 317         sess->mac_len = a_form->digest_length;
 318
 319         if (unlikely(roc_se_ciph_key_set(&sess->roc_se_ctx, enc_type,
 320                                          a_form->key.data, a_form->key.length,
 321                                          NULL)))
 322                 return -1;
 323
 324         if (unlikely(roc_se_auth_key_set(&sess->roc_se_ctx, auth_type, NULL, 0,
 325                                          a_form->digest_length)))
 326                 return -1;
 327
 328         return 0;
 329 }
 330
 331 #endif /*_CNXK_SE_H_ */